I don’t think anyone will dispute that we’re living through an unprecedented time.  The COVID-19 pandemic is affecting almost all areas of our lives including how we work, play and shop. One of the things that hasn’t changed is that security threats are rampant, and many are taking advantage of COVID-19 specifically.  What should Chief Security Officers (CSO’s) and other computer security professionals be considering in this unique moment?

There has been a dramatic increase in all the normal scams and attacks but now using COVID-19 as a keyword to lure people in. There has been an increase in spam and phishing attacks using this approach. Many of these are being used to entice clicks that spread malware. These attacks will often attempt to impersonate health organisations or charities.

Governments have been introducing enhanced unemployment benefits and other economic stimulus programs. Malicious attackers are exploiting confusion related to these programs along with the real desperation of folks trying to get this relief, to introduce scams offering to help them apply or expedite their requests. These attacks are harvesting personal information or extorting payments from the victims.

Organisations frequently have existing security protections in place against these types of attacks, including updated spam filters, anti-virus signatures, and message hygiene solutions. However the biggest contribution to safety is to accelerate and update your security communication. Updating your community about the most common threats is practical protection. This is not as easy as it sounds without up to date and relevant information about trending threats, though. Have you got an internal procedure for monitoring the threat landscape and are you getting this information from your ICT provider?

COVID-19 has forced organisations to embrace working from home. Now there are more workstations and mobile devices that are no longer under the enterprise’s control. They will, however, be accessing and potentially storing the organisations data. Having a solid VPN, gateway or remote server solution is a critical to safely setting up work from home capability. This will at least satisfy the need to protect information in transit, but it doesn’t prevent unwanted attention from COVID-19 savvy attackers.

As an organisation, consider the learnings that you can incorporate in your overall disaster readiness planning. Many organisations have considered the most likely areas of concern, such as fire, severe weather or theft. Organisations in the post SARS and COVID era need to include pandemic planning as a part of their scenario planning. Health experts are warning about a COVID-19 resurgence later in the year, and the potential for more outbreaks in the future exists.

The good news is whether you had a plan for this or you didn’t, there is an opportunity to harvest the learnings and incorporate them into your disaster planning. Perform a solid debrief and document what worked well (and most importantly, what didn’t). What surprised you? There is an opportunity to save the future you from having to re-learn these lessons.

These will be trying times for organisations, and it’s tempting to let cyber-security considerations take a backseat to the immediate requirements of ‘just surviving’. Jupiter Group has security solutions and expertise that we can provide to help you through this and future challenges. Talk to us about how to prepare your business for the obvious and the unlikely alike.

Digital Transformation has evolved into an overused buzzword. The original meaning has been diluted where every technology initiative is branded as Digital Transformation. Having the focus on the technology brings the wrong lens to these projects. Digital Transformation is about business and it starts and ends with business as the focus. Well, maybe more accurately, it starts with the customer and ends with the business.

Digital Transformation is about mining a business to find new opportunities. It’s about a mindset of continuous improvement, embracing disruption, and leaving no room for competitors to impose on your business. The attitude is if we don’t bring the disruption to our industry, someone else will.

The practical question is “how does a business accomplish this”? Every business or organisation works on a set of implicit assumptions that become embedded in the culture. This culture is often the largest obstacle to change. Quite often it takes a fresh set of eyes or a careful openness to surfacing these assumptions and questioning them. Assumptions like “our customers call us when they need parts.”  Really? Why? Could you phone them? Why the phone? Who did they call before they called you?

 

Not every Transformation needs to be a moon shot. Incremental improvements are fair game; what differentiates a Digital Transformation project from other types of initiatives is that Transformation takes on the culture and embedded assumptions.

 

The most successful Digital Transformation efforts are completed by cross-functional teams. It turns out that an organisation’s structure is often a barrier holding a business back. Asking a cross-functional team to take off their departmental jersey and consider the whole company can unlock new potential.

Digital Transformation should revolve around the customer. Consider each customer interaction and its full life-cycle. Simply putting a process online is not Digital Transformation. Digital sure, but not transformation unless something in the underlying business process changes to add value to that interaction. There have been successful Transformation projects that address the employee as the customer and optimise internal processes, but the external facing elements tend to have larger benefits.

For a business, particularly small or medium-sized business, to engage in Digital Transformation can be difficult due to lack of experience. Organisations can become accomplished at this, but some initial coaching and guidance will set them off on the right foot.

Organisations like Jupiter Group can provide the professional consulting expertise to facilitate this process. Our process uses initial facilitated discovery workshops to brainstorm opportunities. Those ideas are then evaluated and refined to determine which should be pursued. Using an experienced set of eyes and hands pays dividends in accelerating the process and ensuring success for any Transformation project. Speak with our team today about your Digital Transformation.